Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/trunk/ttssh2/ttxssh/cipher.c

Annotation of /trunk/ttssh2/ttxssh/cipher.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 9694 - (hide annotations) (download) (as text)
Sun Jan 16 15:50:48 2022 UTC (2 years, 2 months ago) by nmaya
File MIME type: text/x-csrc
File size: 21398 byte(s) 
LibreSSL には camellia-cbc の関数はあるが camellia-ctr の関数がないので、#ifdef で使い分ける
1 nmaya 9210 /*
2     * Copyright (c) 1998-2001, Robert O'Callahan
3     * (C) 2004- TeraTerm Project
4     * All rights reserved.
5     *
6     * Redistribution and use in source and binary forms, with or without
7     * modification, are permitted provided that the following conditions
8     * are met:
9     *
10     * 1. Redistributions of source code must retain the above copyright
11     * notice, this list of conditions and the following disclaimer.
12     * 2. Redistributions in binary form must reproduce the above copyright
13     * notice, this list of conditions and the following disclaimer in the
14     * documentation and/or other materials provided with the distribution.
15     * 3. The name of the author may not be used to endorse or promote products
16     * derived from this software without specific prior written permission.
17     *
18     * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19     * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21     * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22     * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23     * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24     * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25     * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26     * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27     * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28     */
29    
30     #include "ttxssh.h"
31     #include "ssh.h"
32     #include "ssherr.h"
33     #include "cipher.h"
34     #include "kex.h"
35    
36     #include <openssl/evp.h>
37    
38 nmaya 9255 #include "codeconv.h"
39    
40 nmaya 9210 // from cipher-3des.c
41     extern const EVP_CIPHER* evp_ssh1_3des(void);
42    
43     static const struct ssh2cipher ssh2_ciphers[] = {
44     {SSH2_CIPHER_3DES_CBC, "3des-cbc", 8, 24, 0, 0, 0, EVP_des_ede3_cbc}, // RFC4253
45     {SSH2_CIPHER_AES128_CBC, "aes128-cbc", 16, 16, 0, 0, 0, EVP_aes_128_cbc}, // RFC4253
46     {SSH2_CIPHER_AES192_CBC, "aes192-cbc", 16, 24, 0, 0, 0, EVP_aes_192_cbc}, // RFC4253
47     {SSH2_CIPHER_AES256_CBC, "aes256-cbc", 16, 32, 0, 0, 0, EVP_aes_256_cbc}, // RFC4253
48     {SSH2_CIPHER_BLOWFISH_CBC, "blowfish-cbc", 8, 16, 0, 0, 0, EVP_bf_cbc}, // RFC4253
49 nmaya 9693 {SSH2_CIPHER_AES128_CTR, "aes128-ctr", 16, 16, 0, 0, 0, EVP_aes_128_ctr}, // RFC4344
50     {SSH2_CIPHER_AES192_CTR, "aes192-ctr", 16, 24, 0, 0, 0, EVP_aes_192_ctr}, // RFC4344
51     {SSH2_CIPHER_AES256_CTR, "aes256-ctr", 16, 32, 0, 0, 0, EVP_aes_256_ctr}, // RFC4344
52 nmaya 9210 {SSH2_CIPHER_ARCFOUR, "arcfour", 8, 16, 0, 0, 0, EVP_rc4}, // RFC4253
53     {SSH2_CIPHER_ARCFOUR128, "arcfour128", 8, 16, 1536, 0, 0, EVP_rc4}, // RFC4345
54     {SSH2_CIPHER_ARCFOUR256, "arcfour256", 8, 32, 1536, 0, 0, EVP_rc4}, // RFC4345
55     {SSH2_CIPHER_CAST128_CBC, "cast128-cbc", 8, 16, 0, 0, 0, EVP_cast5_cbc}, // RFC4253
56     {SSH2_CIPHER_3DES_CTR, "3des-ctr", 8, 24, 0, 0, 0, evp_des3_ctr}, // RFC4344
57     {SSH2_CIPHER_BLOWFISH_CTR, "blowfish-ctr", 8, 32, 0, 0, 0, evp_bf_ctr}, // RFC4344
58     {SSH2_CIPHER_CAST128_CTR, "cast128-ctr", 8, 16, 0, 0, 0, evp_cast5_ctr}, // RFC4344
59     {SSH2_CIPHER_CAMELLIA128_CBC, "camellia128-cbc", 16, 16, 0, 0, 0, EVP_camellia_128_cbc}, // draft-kanno-secsh-camellia-02
60     {SSH2_CIPHER_CAMELLIA192_CBC, "camellia192-cbc", 16, 24, 0, 0, 0, EVP_camellia_192_cbc}, // draft-kanno-secsh-camellia-02
61     {SSH2_CIPHER_CAMELLIA256_CBC, "camellia256-cbc", 16, 32, 0, 0, 0, EVP_camellia_256_cbc}, // draft-kanno-secsh-camellia-02
62 nmaya 9694 #ifndef LIBRESSL_VERSION_NUMBER
63 nmaya 9693 {SSH2_CIPHER_CAMELLIA128_CTR, "camellia128-ctr", 16, 16, 0, 0, 0, EVP_camellia_128_ctr}, // draft-kanno-secsh-camellia-02
64     {SSH2_CIPHER_CAMELLIA192_CTR, "camellia192-ctr", 16, 24, 0, 0, 0, EVP_camellia_192_ctr}, // draft-kanno-secsh-camellia-02
65     {SSH2_CIPHER_CAMELLIA256_CTR, "camellia256-ctr", 16, 32, 0, 0, 0, EVP_camellia_256_ctr}, // draft-kanno-secsh-camellia-02
66 nmaya 9694 #else
67     {SSH2_CIPHER_CAMELLIA128_CTR, "camellia128-ctr", 16, 16, 0, 0, 0, evp_camellia_128_ctr}, // draft-kanno-secsh-camellia-02
68     {SSH2_CIPHER_CAMELLIA192_CTR, "camellia192-ctr", 16, 24, 0, 0, 0, evp_camellia_128_ctr}, // draft-kanno-secsh-camellia-02
69     {SSH2_CIPHER_CAMELLIA256_CTR, "camellia256-ctr", 16, 32, 0, 0, 0, evp_camellia_128_ctr}, // draft-kanno-secsh-camellia-02
70     #endif
71 nmaya 9210 #ifdef WITH_CAMELLIA_PRIVATE
72     {SSH2_CIPHER_CAMELLIA128_CBC, "camellia128-cbc@openssh.org", 16, 16, 0, 0, 0, EVP_camellia_128_cbc},
73     {SSH2_CIPHER_CAMELLIA192_CBC, "camellia192-cbc@openssh.org", 16, 24, 0, 0, 0, EVP_camellia_192_cbc},
74     {SSH2_CIPHER_CAMELLIA256_CBC, "camellia256-cbc@openssh.org", 16, 32, 0, 0, 0, EVP_camellia_256_cbc},
75     {SSH2_CIPHER_CAMELLIA128_CTR, "camellia128-ctr@openssh.org", 16, 16, 0, 0, 0, evp_camellia_128_ctr},
76     {SSH2_CIPHER_CAMELLIA192_CTR, "camellia192-ctr@openssh.org", 16, 24, 0, 0, 0, evp_camellia_128_ctr},
77     {SSH2_CIPHER_CAMELLIA256_CTR, "camellia256-ctr@openssh.org", 16, 32, 0, 0, 0, evp_camellia_128_ctr},
78     #endif // WITH_CAMELLIA_PRIVATE
79     {SSH2_CIPHER_AES128_GCM, "aes128-gcm@openssh.com", 16, 16, 0, 12, 16, EVP_aes_128_gcm}, // not RFC5647, PROTOCOL of OpenSSH
80     {SSH2_CIPHER_AES256_GCM, "aes256-gcm@openssh.com", 16, 32, 0, 12, 16, EVP_aes_256_gcm}, // not RFC5647, PROTOCOL of OpenSSH
81 nmaya 9255 {SSH2_CIPHER_CHACHAPOLY, "chacha20-poly1305@openssh.com", 8, 64, 0, 0, 16, EVP_enc_null},
82     {SSH_CIPHER_NONE, "none", 8, 0, 0, 0, 0, EVP_enc_null}, // for no passphrase key file
83     {SSH_CIPHER_3DES, "3des", 8, 16, 0, 0, 0, evp_ssh1_3des}, // for RSA1 key file
84 nmaya 9210 };
85    
86    
87     int get_cipher_id(const struct ssh2cipher *cipher)
88     {
89     if (cipher) {
90     return cipher->id;
91     }
92     else {
93     return 0;
94     }
95     }
96    
97     u_int get_cipher_block_size(const struct ssh2cipher *cipher)
98     {
99     u_int blocksize = 0;
100    
101     if (cipher) {
102     blocksize = cipher->block_size;
103     }
104    
105     return max(blocksize, 8);
106     }
107    
108     u_int get_cipher_key_len(const struct ssh2cipher *cipher)
109     {
110     if (cipher) {
111     return cipher->key_len;
112     }
113     else {
114     return 0;
115     }
116     }
117    
118     u_int get_cipher_discard_len(const struct ssh2cipher *cipher)
119     {
120     if (cipher) {
121     return cipher->discard_len;
122     }
123     else {
124     return 0;
125     }
126     }
127    
128     u_int get_cipher_iv_len(const struct ssh2cipher *cipher)
129     {
130     if (cipher) {
131 nmaya 9255 if (cipher->iv_len != 0 || cipher->id == SSH2_CIPHER_CHACHAPOLY) {
132 nmaya 9210 return cipher->iv_len;
133     }
134     else {
135     return cipher->block_size;
136     }
137     }
138     else {
139     return 8; // block_size
140     }
141     }
142    
143     u_int get_cipher_auth_len(const struct ssh2cipher *cipher)
144     {
145     if (cipher) {
146     return cipher->auth_len;
147     }
148     else {
149     return 0;
150     }
151     }
152    
153     const EVP_CIPHER *get_cipher_EVP_CIPHER(const struct ssh2cipher *cipher)
154     {
155     if (cipher) {
156     return cipher->func();
157     }
158     else {
159     return EVP_enc_null();
160     }
161     }
162    
163     char *get_cipher_string(const struct ssh2cipher *cipher)
164     {
165     if (cipher) {
166     return cipher->name;
167     }
168     else {
169     return "unknown";
170     }
171     }
172    
173     // �����A���S���Y�����������������B
174     const struct ssh2cipher *get_cipher_by_name(char *name)
175     {
176     const struct ssh2cipher *ptr = ssh2_ciphers;
177    
178     if (name == NULL || name[0] == '\0')
179     return NULL;
180    
181     while (ptr->name != NULL) {
182     if (strcmp(ptr->name, name) == 0) {
183     return ptr;
184     }
185     ptr++;
186     }
187    
188     // not found.
189     return NULL;
190     }
191    
192     // �\����
193     char *get_cipher_name(int cipher_id)
194     {
195     switch (cipher_id) {
196     case SSH_CIPHER_NONE:
197     return "None";
198     case SSH_CIPHER_3DES:
199     return "3DES (168 key bits)";
200     case SSH_CIPHER_DES:
201     return "DES (56 key bits)";
202     case SSH_CIPHER_BLOWFISH:
203     return "Blowfish (256 key bits)";
204    
205     // SSH2
206     case SSH2_CIPHER_3DES_CBC:
207     return "3des-cbc";
208     case SSH2_CIPHER_AES128_CBC:
209     return "aes128-cbc";
210     case SSH2_CIPHER_AES192_CBC:
211     return "aes192-cbc";
212     case SSH2_CIPHER_AES256_CBC:
213     return "aes256-cbc";
214     case SSH2_CIPHER_BLOWFISH_CBC:
215     return "blowfish-cbc";
216     case SSH2_CIPHER_AES128_CTR:
217     return "aes128-ctr";
218     case SSH2_CIPHER_AES192_CTR:
219     return "aes192-ctr";
220     case SSH2_CIPHER_AES256_CTR:
221     return "aes256-ctr";
222     case SSH2_CIPHER_ARCFOUR:
223     return "arcfour";
224     case SSH2_CIPHER_ARCFOUR128:
225     return "arcfour128";
226     case SSH2_CIPHER_ARCFOUR256:
227     return "arcfour256";
228     case SSH2_CIPHER_CAST128_CBC:
229     return "cast-128-cbc";
230     case SSH2_CIPHER_3DES_CTR:
231     return "3des-ctr";
232     case SSH2_CIPHER_BLOWFISH_CTR:
233     return "blowfish-ctr";
234     case SSH2_CIPHER_CAST128_CTR:
235     return "cast-128-ctr";
236     case SSH2_CIPHER_CAMELLIA128_CBC:
237     return "camellia128-cbc";
238     case SSH2_CIPHER_CAMELLIA192_CBC:
239     return "camellia192-cbc";
240     case SSH2_CIPHER_CAMELLIA256_CBC:
241     return "camellia256-cbc";
242     case SSH2_CIPHER_CAMELLIA128_CTR:
243     return "camellia128-ctr";
244     case SSH2_CIPHER_CAMELLIA192_CTR:
245     return "camellia192-ctr";
246     case SSH2_CIPHER_CAMELLIA256_CTR:
247     return "camellia256-ctr";
248     case SSH2_CIPHER_AES128_GCM:
249     return "aes128-gcm@openssh.com";
250     case SSH2_CIPHER_AES256_GCM:
251     return "aes256-gcm@openssh.com";
252 nmaya 9255 case SSH2_CIPHER_CHACHAPOLY:
253     return "chacha20-poly1305@openssh.com(SSH2)";
254 nmaya 9210
255     default:
256     return "Unknown";
257     }
258     }
259    
260     // ���X�g�{�b�N�X�\����
261 nmaya 9255 wchar_t *get_listbox_cipher_nameW(int cipher_id, PTInstVar pvar)
262 nmaya 9210 {
263 nmaya 9255 typedef struct {
264     int no;
265     const char *nameA;
266     } list_t;
267     static const list_t list[] = {
268     { SSH_CIPHER_3DES, "3DES(SSH1)" },
269     { SSH_CIPHER_DES, "DES(SSH1)" },
270     { SSH_CIPHER_BLOWFISH, "Blowfish(SSH1)" },
271     { SSH2_CIPHER_AES128_CBC, "aes128-cbc(SSH2)" },
272     { SSH2_CIPHER_AES192_CBC, "aes192-cbc(SSH2)" },
273     { SSH2_CIPHER_AES256_CBC, "aes256-cbc(SSH2)" },
274     { SSH2_CIPHER_3DES_CBC, "3des-cbc(SSH2)" },
275     { SSH2_CIPHER_BLOWFISH_CBC, "blowfish-cbc(SSH2)" },
276     { SSH2_CIPHER_AES128_CTR, "aes128-ctr(SSH2)" },
277     { SSH2_CIPHER_AES192_CTR, "aes192-ctr(SSH2)" },
278     { SSH2_CIPHER_AES256_CTR, "aes256-ctr(SSH2)" },
279     { SSH2_CIPHER_ARCFOUR, "arcfour(SSH2)" },
280     { SSH2_CIPHER_ARCFOUR128, "arcfour128(SSH2)" },
281     { SSH2_CIPHER_ARCFOUR256, "arcfour256(SSH2)" },
282     { SSH2_CIPHER_CAST128_CBC, "cast128-cbc(SSH2)" },
283     { SSH2_CIPHER_3DES_CTR, "3des-ctr(SSH2)" },
284     { SSH2_CIPHER_BLOWFISH_CTR, "blowfish-ctr(SSH2)" },
285     { SSH2_CIPHER_CAST128_CTR, "cast128-ctr(SSH2)" },
286     { SSH2_CIPHER_CAMELLIA128_CBC, "camellia128-cbc(SSH2)" },
287     { SSH2_CIPHER_CAMELLIA192_CBC, "camellia192-cbc(SSH2)" },
288     { SSH2_CIPHER_CAMELLIA256_CBC, "camellia256-cbc(SSH2)" },
289     { SSH2_CIPHER_CAMELLIA128_CTR, "camellia128-ctr(SSH2)" },
290     { SSH2_CIPHER_CAMELLIA192_CTR, "camellia192-ctr(SSH2)" },
291     { SSH2_CIPHER_CAMELLIA256_CTR, "camellia256-ctr(SSH2)" },
292     { SSH2_CIPHER_AES128_GCM, "aes128-gcm@openssh.com(SSH2)" },
293     { SSH2_CIPHER_AES256_GCM, "aes256-gcm@openssh.com(SSH2)" },
294     { SSH2_CIPHER_CHACHAPOLY, "chacha20-poly1305@openssh.com(SSH2)" },
295     };
296     int i;
297     const list_t *p = list;
298 nmaya 9210
299 nmaya 9255 if (cipher_id == SSH_CIPHER_NONE) {
300     wchar_t uimsg[MAX_UIMSG];
301     UTIL_get_lang_msgW("DLG_SSHSETUP_CIPHER_BORDER", pvar,
302     L"<ciphers below this line are disabled>", uimsg);
303     return _wcsdup(uimsg);
304 nmaya 9210 }
305 nmaya 9255 for (i = 0; i < _countof(list); p++,i++) {
306     if (p->no == cipher_id) {
307     return ToWcharA(p->nameA);
308     }
309     }
310     return NULL;
311 nmaya 9210 }
312    
313     /*
314     * Remove unsupported cipher or duplicated cipher.
315     * Add unspecified ciphers at the end of list.
316     */
317     void normalize_cipher_order(char *buf)
318     {
319     /* SSH_CIPHER_NONE means that all ciphers below that one are disabled.
320     We *never* allow no encryption. */
321     static char default_strings[] = {
322     SSH2_CIPHER_AES256_GCM,
323     SSH2_CIPHER_CAMELLIA256_CTR,
324 nmaya 9255 SSH2_CIPHER_CHACHAPOLY,
325 nmaya 9210 SSH2_CIPHER_AES256_CTR,
326     SSH2_CIPHER_CAMELLIA256_CBC,
327     SSH2_CIPHER_AES256_CBC,
328     SSH2_CIPHER_CAMELLIA192_CTR,
329     SSH2_CIPHER_AES192_CTR,
330     SSH2_CIPHER_CAMELLIA192_CBC,
331     SSH2_CIPHER_AES192_CBC,
332     SSH2_CIPHER_AES128_GCM,
333     SSH2_CIPHER_CAMELLIA128_CTR,
334     SSH2_CIPHER_AES128_CTR,
335     SSH2_CIPHER_CAMELLIA128_CBC,
336     SSH2_CIPHER_AES128_CBC,
337 nmaya 9693 #if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x30000000UL
338 nmaya 9210 SSH2_CIPHER_3DES_CTR,
339 nmaya 9693 #endif
340 nmaya 9210 SSH2_CIPHER_3DES_CBC,
341 nmaya 9693 #if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x30000000UL
342 nmaya 9210 SSH2_CIPHER_BLOWFISH_CTR,
343     SSH2_CIPHER_BLOWFISH_CBC,
344     SSH2_CIPHER_CAST128_CTR,
345     SSH2_CIPHER_CAST128_CBC,
346 nmaya 9693 #endif
347 nmaya 9210 SSH_CIPHER_3DES,
348     SSH_CIPHER_NONE,
349 nmaya 9693 #if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x30000000UL
350 nmaya 9210 SSH2_CIPHER_ARCFOUR256,
351     SSH2_CIPHER_ARCFOUR128,
352     SSH2_CIPHER_ARCFOUR,
353 nmaya 9693 #endif
354 nmaya 9210 SSH_CIPHER_BLOWFISH,
355     SSH_CIPHER_DES,
356 nmaya 9693 #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000UL
357     0, 0, 0, // Dummy for SSH2_CIPHER_3DES_CTR, SSH2_CIPHER_BLOWFISH_CTR, SSH2_CIPHER_BLOWFISH_CBC,
358     0, 0, // Dummy for SSH2_CIPHER_CAST128_CTR, SSH2_CIPHER_CAST128_CBC
359     0, 0, 0, // Dummy for SSH2_CIPHER_ARCFOUR256, SSH2_CIPHER_ARCFOUR128, SSH2_CIPHER_ARCFOUR
360     #endif
361 nmaya 9210 0, 0, 0 // Dummy for SSH_CIPHER_IDEA, SSH_CIPHER_TSS, SSH_CIPHER_RC4
362     };
363    
364     normalize_generic_order(buf, default_strings, NUM_ELEM(default_strings));
365     }
366    
367     const struct ssh2cipher *choose_SSH2_cipher_algorithm(char *server_proposal, char *my_proposal)
368     {
369     char str_cipher[32];
370     const struct ssh2cipher *ptr = ssh2_ciphers;
371    
372     choose_SSH2_proposal(server_proposal, my_proposal, str_cipher, sizeof(str_cipher));
373     return get_cipher_by_name(str_cipher);
374     }
375    
376     void SSH2_update_cipher_myproposal(PTInstVar pvar)
377     {
378     static char buf[512]; // TODO: malloc()��������
379     int cipher;
380     int len, i;
381     char *c_str;
382    
383     // ���M�������������������������A�O�������B(2006.6.26 maya)
384     if (pvar->socket != INVALID_SOCKET) {
385     return;
386     }
387    
388     // �����A���S���Y���D���������������Amyproposal[]�������������B(2004.11.6 yutaka)
389     buf[0] = '\0';
390     for (i = 0 ; pvar->settings.CipherOrder[i] != 0 ; i++) {
391     cipher = pvar->settings.CipherOrder[i] - '0';
392     if (cipher == 0) // disabled line
393     break;
394     switch (cipher) {
395     case SSH2_CIPHER_3DES_CBC:
396     c_str = "3des-cbc,";
397     break;
398     case SSH2_CIPHER_3DES_CTR:
399     c_str = "3des-ctr,";
400     break;
401     case SSH2_CIPHER_BLOWFISH_CBC:
402     c_str = "blowfish-cbc,";
403     break;
404     case SSH2_CIPHER_BLOWFISH_CTR:
405     c_str = "blowfish-ctr,";
406     break;
407     case SSH2_CIPHER_AES128_CBC:
408     c_str = "aes128-cbc,";
409     break;
410     case SSH2_CIPHER_AES192_CBC:
411     c_str = "aes192-cbc,";
412     break;
413     case SSH2_CIPHER_AES256_CBC:
414     c_str = "aes256-cbc,";
415     break;
416     case SSH2_CIPHER_AES128_CTR:
417     c_str = "aes128-ctr,";
418     break;
419     case SSH2_CIPHER_AES192_CTR:
420     c_str = "aes192-ctr,";
421     break;
422     case SSH2_CIPHER_AES256_CTR:
423     c_str = "aes256-ctr,";
424     break;
425     case SSH2_CIPHER_ARCFOUR:
426     c_str = "arcfour,";
427     break;
428     case SSH2_CIPHER_ARCFOUR128:
429     c_str = "arcfour128,";
430     break;
431     case SSH2_CIPHER_ARCFOUR256:
432     c_str = "arcfour256,";
433     break;
434     case SSH2_CIPHER_CAST128_CBC:
435     c_str = "cast128-cbc,";
436     break;
437     case SSH2_CIPHER_CAST128_CTR:
438     c_str = "cast128-ctr,";
439     break;
440     #ifdef WITH_CAMELLIA_PRIVATE
441     case SSH2_CIPHER_CAMELLIA128_CBC:
442     c_str = "camellia128-cbc,camellia128-cbc@openssh.org,";
443     break;
444     case SSH2_CIPHER_CAMELLIA192_CBC:
445     c_str = "camellia192-cbc,camellia192-cbc@openssh.org,";
446     break;
447     case SSH2_CIPHER_CAMELLIA256_CBC:
448     c_str = "camellia256-cbc,camellia256-cbc@openssh.org,";
449     break;
450     case SSH2_CIPHER_CAMELLIA128_CTR:
451     c_str = "camellia128-ctr,camellia128-ctr@openssh.org,";
452     break;
453     case SSH2_CIPHER_CAMELLIA192_CTR:
454     c_str = "camellia192-ctr,camellia192-ctr@openssh.org,";
455     break;
456     case SSH2_CIPHER_CAMELLIA256_CTR:
457     c_str = "camellia256-ctr,camellia256-ctr@openssh.org,";
458     break;
459     #endif // WITH_CAMELLIA_PRIVATE
460     case SSH2_CIPHER_CAMELLIA128_CBC:
461     c_str = "camellia128-cbc,";
462     break;
463     case SSH2_CIPHER_CAMELLIA192_CBC:
464     c_str = "camellia192-cbc,";
465     break;
466     case SSH2_CIPHER_CAMELLIA256_CBC:
467     c_str = "camellia256-cbc,";
468     break;
469     case SSH2_CIPHER_CAMELLIA128_CTR:
470     c_str = "camellia128-ctr,";
471     break;
472     case SSH2_CIPHER_CAMELLIA192_CTR:
473     c_str = "camellia192-ctr,";
474     break;
475     case SSH2_CIPHER_CAMELLIA256_CTR:
476     c_str = "camellia256-ctr,";
477     break;
478     case SSH2_CIPHER_AES128_GCM:
479     c_str = "aes128-gcm@openssh.com,";
480     break;
481     case SSH2_CIPHER_AES256_GCM:
482     c_str = "aes256-gcm@openssh.com,";
483     break;
484 nmaya 9255 case SSH2_CIPHER_CHACHAPOLY:
485     c_str = "chacha20-poly1305@openssh.com,";
486     break;
487 nmaya 9210 default:
488     continue;
489     }
490     strncat_s(buf, sizeof(buf), c_str, _TRUNCATE);
491     }
492     len = strlen(buf);
493     if (len > 0)
494     buf[len - 1] = '\0'; // get rid of comma
495     myproposal[PROPOSAL_ENC_ALGS_CTOS] = buf; // Client To Server
496     myproposal[PROPOSAL_ENC_ALGS_STOC] = buf; // Server To Client
497     }
498    
499    
500     //
501     // SSH2�p�A���S���Y����������
502     //
503 nmaya 9255 int cipher_init_SSH2(
504     struct sshcipher_ctx **ccp, const struct ssh2cipher *cipher,
505     const u_char *key, u_int keylen,
506     const u_char *iv, u_int ivlen,
507     int do_encrypt,
508     PTInstVar pvar)
509 nmaya 9210 {
510 nmaya 9255 struct sshcipher_ctx *cc = NULL;
511     int ret = SSH_ERR_INTERNAL_ERROR;
512     const EVP_CIPHER *type;
513 nmaya 9210 int klen;
514     unsigned char *junk = NULL, *discard = NULL;
515     char tmp[80];
516    
517 nmaya 9255 *ccp = NULL;
518     if ((cc = calloc(sizeof(*cc), 1)) == NULL) {
519 nmaya 9210 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
520     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
521     notify_fatal_error(pvar, tmp, TRUE);
522 nmaya 9255 return SSH_ERR_ALLOC_FAIL;
523 nmaya 9210 }
524 nmaya 9255
525     if (keylen < cipher->key_len) {
526 nmaya 9210 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
527     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
528     notify_fatal_error(pvar, tmp, TRUE);
529 nmaya 9255 ret = SSH_ERR_INVALID_ARGUMENT;
530     goto out;
531 nmaya 9210 }
532 nmaya 9255 if (iv != NULL && ivlen < get_cipher_iv_len(cipher)) {
533     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
534     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
535     notify_fatal_error(pvar, tmp, TRUE);
536     ret = SSH_ERR_INVALID_ARGUMENT;
537     goto out;
538     }
539    
540     cc->cipher = cipher;
541     if (cipher->id == SSH2_CIPHER_CHACHAPOLY) {
542     cc->cp_ctx = chachapoly_new(key, keylen);
543     ret = cc->cp_ctx != NULL ? 0 : SSH_ERR_INVALID_ARGUMENT;
544     if (ret == SSH_ERR_INVALID_ARGUMENT) {
545     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
546     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 4);
547     notify_fatal_error(pvar, tmp, TRUE);
548     }
549     goto out;
550     }
551     type = (*cipher->func)();
552     if ((cc->evp = EVP_CIPHER_CTX_new()) == NULL) {
553     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
554     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 5);
555     notify_fatal_error(pvar, tmp, TRUE);
556     ret = SSH_ERR_ALLOC_FAIL;
557     goto out;
558     }
559     if (EVP_CipherInit(cc->evp, type, NULL, (u_char *)iv, (do_encrypt == CIPHER_ENCRYPT)) == 0) {
560     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
561     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 6);
562     notify_fatal_error(pvar, tmp, TRUE);
563     ret = SSH_ERR_LIBCRYPTO_ERROR;
564     goto out;
565     }
566     if (get_cipher_auth_len(cipher) &&
567     !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED, -1, (u_char *)iv)) {
568     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
569     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 7);
570     notify_fatal_error(pvar, tmp, TRUE);
571     ret = SSH_ERR_LIBCRYPTO_ERROR;
572     goto out;
573     }
574     klen = EVP_CIPHER_CTX_key_length(cc->evp);
575 nmaya 9210 if (klen > 0 && keylen != (u_int)klen) {
576 nmaya 9255 if (EVP_CIPHER_CTX_set_key_length(cc->evp, keylen) == 0) {
577 nmaya 9210 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
578 nmaya 9255 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 8);
579 nmaya 9210 notify_fatal_error(pvar, tmp, TRUE);
580 nmaya 9255 ret = SSH_ERR_LIBCRYPTO_ERROR;
581     goto out;
582 nmaya 9210 }
583     }
584 nmaya 9255 if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0) {
585 nmaya 9210 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
586 nmaya 9255 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 9);
587 nmaya 9210 notify_fatal_error(pvar, tmp, TRUE);
588 nmaya 9255 ret = SSH_ERR_LIBCRYPTO_ERROR;
589     goto out;
590 nmaya 9210 }
591    
592 nmaya 9255 if (cipher->discard_len > 0) {
593     junk = malloc(cipher->discard_len);
594     discard = malloc(cipher->discard_len);
595 nmaya 9210 if (junk == NULL || discard == NULL ||
596 nmaya 9255 EVP_Cipher(cc->evp, discard, junk, cipher->discard_len) == 0) {
597 nmaya 9210 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
598 nmaya 9255 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 10);
599 nmaya 9210 notify_fatal_error(pvar, tmp, TRUE);
600     }
601     else {
602 nmaya 9255 SecureZeroMemory(discard, cipher->discard_len);
603 nmaya 9210 }
604     free(junk);
605     free(discard);
606     }
607 nmaya 9255 ret = 0;
608    
609     out:
610     if (ret == 0) {
611     *ccp = cc;
612     }
613     else {
614     if (cc != NULL) {
615     EVP_CIPHER_CTX_free(cc->evp);
616     SecureZeroMemory(cc, sizeof(*cc));
617     }
618     }
619     return ret;
620 nmaya 9210 }
621    
622     //
623     // SSH2�p�A���S���Y�����j��
624     ///
625 nmaya 9255 void cipher_free_SSH2(struct sshcipher_ctx *cc)
626 nmaya 9210 {
627 nmaya 9255 if (cc == NULL)
628     return;
629     if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) {
630     chachapoly_free(cc->cp_ctx);
631     cc->cp_ctx = NULL;
632     }
633     EVP_CIPHER_CTX_free(cc->evp);
634     cc->evp = NULL;
635     SecureZeroMemory(cc, sizeof(*cc));
636 nmaya 9210 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help